Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'name' = '%ProgramFiles(x86)%\Tencent\TXPlatform.exe'
- Windows Update
- %WINDIR%\lany.dll
- %WINDIR%\lany.dll
- 'ap#.#huabu.cn':80
- '43.##2.162.5':7438
- http://ap#.#huabu.cn/qd/lany.dll
- '43.##2.162.5':7438
- DNS ASK ap#.#huabu.cn
- '%WINDIR%\syswow64\cmd.exe' /c color 6